jackrabbit-oak-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas Mueller (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OAK-1083) Query with descendent node and access control fails to return result
Date Wed, 09 Oct 2013 08:36:42 GMT

    [ https://issues.apache.org/jira/browse/OAK-1083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13790163#comment-13790163
] 

Thomas Mueller commented on OAK-1083:
-------------------------------------

The query above ({{/jcr:root/home//social/relationships/following//*...}}) is a bit different.
It doesn't read any property from the node 'social', or from 'relationships' or 'following'.
So I wonder whether we would be allowed to not check if the session can read those nodes.

> Query with descendent node and access control fails to return result
> --------------------------------------------------------------------
>
>                 Key: OAK-1083
>                 URL: https://issues.apache.org/jira/browse/OAK-1083
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core, security
>    Affects Versions: 0.9
>            Reporter: Chetan Mehrotra
>            Priority: Minor
>              Labels: compatibility
>         Attachments: OAK-1083-testcase.patch
>
>
> The scenario is bit complex. Running a query with following condition does not give any
result
> *  Node path is like {{/home/users/geometrixx-outdoors/emily.andrews@mailinator.com/social/relationships/following/aaron.mcdonald@mailinator.com}}
> * It has a Glob jcr:read for everyone at {{\*/social/relationships/following/\*}}
> * The query is like 
> bq. /jcr:root/home//social/relationships/following//*[id='aaron.mcdonald@mailinator.com']
> * The query is executed with anonymous session
> On JR2 it returns expected result while on Oak it does not give any result



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message